CVE-2022-1918

The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://plugins.trac.wordpress.org/browser/toolbar-to-share/trunk/toolbartoshare.php	Exploit Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/fbda7670-179a-41ed-8ec9-ae7f5102e645?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1918	Third Party Advisory
https://plugins.trac.wordpress.org/browser/toolbar-to-share/trunk/toolbartoshare.php	Exploit Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/fbda7670-179a-41ed-8ec9-ae7f5102e645?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1918	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:toolbar_to_share_project:toolbar_to_share:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:41

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/browser/toolbar-to-share/trunk/toolbartoshare.php - Exploit, Third Party Advisory~~	() https://plugins.trac.wordpress.org/browser/toolbar-to-share/trunk/toolbartoshare.php - Exploit, Third Party Advisory
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/fbda7670-179a-41ed-8ec9-ae7f5102e645?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/fbda7670-179a-41ed-8ec9-ae7f5102e645?source=cve -
References	~~() https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1918 - Third Party Advisory~~	() https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1918 - Third Party Advisory

21 Jun 2022, 18:36

Type	Values Removed	Values Added
References	~~(MISC) https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1918 -~~	(MISC) https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1918 - Third Party Advisory
References	~~(MISC) https://plugins.trac.wordpress.org/browser/toolbar-to-share/trunk/toolbartoshare.php -~~	(MISC) https://plugins.trac.wordpress.org/browser/toolbar-to-share/trunk/toolbartoshare.php - Exploit, Third Party Advisory
CWE		CWE-352
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.8 v3 : 8.8
CPE		cpe:2.3:a:toolbar_to_share_project:toolbar_to_share::::::wordpress::*

13 Jun 2022, 13:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-13 13:15

Updated : 2024-11-21 06:41

NVD link : CVE-2022-1918

Mitre link : CVE-2022-1918

CVE.ORG link : CVE-2022-1918

JSON object : View

Products Affected

toolbar_to_share_project

toolbar_to_share

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.8 /10